Passwork.me (Team Password Manager For Business) has investigated a security issue with VPNFilter.

Security researches from Cisco Talos group published detailed information on the VPNFilter malware, which infected over 500 thousands routers in at least 54 countries, allowing the actors to spy on users and carry on cyberattacks.

The malware was originally thought to target routers and networking devices from such vendors as Linksys, MikroTik, NETGEAR, and TP-Link, but a deeper analysis showed that VPNFilter is also able to infect devices produced by ASUS, D-Link, Huawei, Ubiquiti, QNAP, UPVEL, and ZTE.

To compromise devices, the malware uses publicly known vulnerabilities as well as default credentials.

In addition to that, the researchers provided technical details on a module named “ssler”, an improved network sniffer allowing hackers to intercept traffic and deliver exploits via a man-in-the-middle attack (MitM).

“The ssler module provides data exfiltration and JavaScript injection capabilities by intercepting all traffic passing through the device destined for port 80,” the researchers explained.

This module also allows the malware to be constantly present on the device, even after its reboot.

Moreover, VPN Filter has destructive functions (the “dstr” module) allowing to make the infected device inoperable by deleting files needed for its normal operation.

Media Contact
Company Name: Passwork Oy
Contact Person: Iliya Garakh
Email: Send Email
Phone: +358 (0)9 3158 9580
Country: Finland
Website: https://passwork.me